Preventing cyber attacks

25 May 2017

Cyber-security is a key concern that threatens all UK businesses. HSM looks at the steps one engineering company took in a bid to prevent such attacks.

Malicious attacks like that of ransomware have brought many companies to their knees, disrupting others with a knock-on effect that compromises data security.
Even large government institutions are under threat, as evident from the most recent ‘wanacrypt0r’ ransomware attack on the NHS. So what did British owned engineering company Spiers Engineering Safety do to prevent such attacks?

The company said: “Our PUWER inspection and consultancy business moved over to RiskMach which meant all of our data was hosted externally on Linux servers, rather than on our own hardware. We think that the protection of data is such an important aspect of our service that we really should be putting it in the hands of the experts who exist only to perform that function.”

RiskMach is claimed to be the first cloud based, purpose built platform for managing PUWER inspections, risk assessments and all resulting documentation.

So are cloud based software solutions the answer to the ransomware problem infecting the globe? Is paying the hackers a viable option?

Cyber security experts advise not to pay hackers, they are criminals after all. Businesses are encouraged to backup their data and then restore their computers, should their system get compromised by malicious code like ransomware.

But how easy is it to backup your hard drive, or an entire system in anticipation of an attack? Even with regular backups there is likely to be some data loss between the backup and time of the attack.

According to machine safety expert Warren Spiers, one of the biggest vulnerabilities in machine safety management is the dependency on local servers to back data up to, due to the potential for human error that leads to things like ransomware attacks.

“What we are trying to do is remove human error. The backup, if left to human behaviour can be forgotten, mislaid or misplaced. If you are going to do a backup, where are you going to put it? Are you going to put it in a different building? Because we’ve got to avoid loss of data due to a common cause, including fire, flood and theft. It is easy for someone to say backup your data. We all have devices now that backup your data at the touch of a button, but guess what they are doing. They are backing it up to the cloud...They’ve [tech companies] gone through that thought process to remove the human error element.”

We all take notice when a big company or organisation takes a hit, especially from hackers. If big businesses with all their resources can still be vulnerable, then what chance do SMEs have at mounting a defence.

All the training and security implementations do not seem to protect the data from user error. That is to say, employees who open infected attachments and malicious emails. If indeed this is how the ransomware spreads.

What do many of these companies who get hit by ransomware have in common? They use their own local servers to store the majority of their information. Quite simply data stored locally is more susceptible to ransomware. To solve this problem Spiers Engineering Safety see outsourcing as the most viable short-term solution.

The company added: “We’ve consulted with RiskMach and implemented their solution so they can manage that risk using their knowledge and skill, to protect our data. And that is a relief with the current headlines where we can see that despite their best efforts, large businesses and governmental organisations with many professionals in the field of cybersecurity, information security and availability, have been caught out. Yet with all that resource and all of that money being spent, all the meetings they've had and all the consultants they engaged, their hardware has been attacked.”

The news coverage depicts a scene of panic, with North Korea as a possible suspect, and fingers being pointed everywhere. The NHS can be said to be at the heart of the UK’s culture with much of the people having depended on it for so long. Naturally this attack feels a little closer to home.

But Warren Spiers is not worried. While some parts of the globe are in a panic over the accessibility issues with their data, Warren has been advocating cloud based data storage as an alternative to local server backups.

“Over the weekend I did not lose any sleep around this [ransomware attack on NHS]. All of our critical data is hosted in the cloud. There are pros and cons to every approach. There may be availability issues from time to time if a server connection is down or you don’t have connectivity in a rural area, but I never feared data loss and someone being able to block me indefinitely from running my business and providing my services to my customers.”

The solution then, as Warren Spiers sees it, is to move the data to an environment that is isolated from what a user controls. By moving the data to the cloud Spiers Engineering Safety have protected their clients information from ransomware attacks, since it is no longer stored on their internal servers.

Spiers Engineering Safety intend to lead by example and change the way machine safety data is stored. When asked what further steps Spiers plan to take in the interest of security, Warren said: “We will carry on implementing changes in line with current best practices and new technology, as and when they become available. The next significant change we think will be to have the data on portable devices that are not connected to the web. My business does not need that but my customers do. The ransomware would be able to, perhaps, encrypt the data on an individual device, but it would not be able to encrypt the data on the cloud. So your position would always be recoverable.”

Enjoyed this post? Share it on social media and help raise cybersecurity awareness or have an opinion you would like to share? Tweet this article or comment on LinkedIn.